BitKangoroo Ransomware Deletes User Files

A piece of ransomware currently in development is deleting users’ files if the ransom isn’t paid within a given period of time.
Dubbed BitKangoroo, the malware doesn’t appear to be the work of a skilled developer and can encrypt only files located in the Desktop folder at the moment, but could become a highly destructive threat because of code that erases users’ data.
Once a computer has been infected, the malware starts encrypting the user’s files using AES-256 encryption, and appends the .bitkangoroo extension to each of the affected files. Once the process has been completed, the ransomware displays a window informing the victim that their files have been encrypted and that a 1 Bitcoin ransom should be paid to decrypt them.
The note warns that one file will be deleted every hour until the ransom has been paid, and also displays a countdown. When deleting the encrypted file, the malware also resets the timer to 60 minutes, BleepingComputer’s Lawrence Abrams reveals.
BitKangoroo isn’t the first ransomware family to delete users’ files if a payment isn’t made, but previous threats allowed a longer period of time before taking such action, which makes more sense, considering that it can take days to buy Bitcoin.
The good news is that security researcher Michael Gillespie has already managed to crack the malware’s encryption and has released a free decryption tool, called BitKangarooDecrypter.
Analysis of the malware also revealed code capable of deleting all of the encrypted files if the victim enters the wrong decryption key (a warning message is displayed when the user clicks on the Decrypt my files button). Fortunately, the code isn’t working and the ransomware can’t delete users’ files this way.

The BitKangoroo ransomware also provides the victim with a Bitcoin address they should send the ransom payment to, as well as the possibility to contact the malware author directly, via email. At the moment, the [email protected] address is used.
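
As an added example (not part of the original article or of the analysis it cites), the Python below triages file-event records for the behaviour described above: files renamed with the .bitkangoroo extension, then deleted one at a time on a 60-minute timer. It reports which encrypted files are still on disk, and so still candidates for the free decrypter, and when the next deletion is due. The event format, paths and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

EXT = ".bitkangoroo"            # extension the article says is appended
TIMER = timedelta(minutes=60)   # deletion timer described in the article

# Constructed (timestamp, action, path) records; the format is an assumption.
SAMPLE_EVENTS = [
    ("2017-01-01T09:00:05", "rename", r"C:\Users\alice\Desktop\budget.xlsx.bitkangoroo"),
    ("2017-01-01T09:00:06", "rename", r"C:\Users\alice\Desktop\notes.txt.bitkangoroo"),
    ("2017-01-01T09:00:06", "rename", r"C:\Users\alice\Desktop\photo.jpg.bitkangoroo"),
    ("2017-01-01T09:00:07", "rename", r"C:\Users\alice\Desktop\plan.docx.bitkangoroo"),
    ("2017-01-01T09:30:00", "delete", r"C:\Users\alice\AppData\Local\Temp\a.tmp"),
    ("2017-01-01T10:00:10", "delete", r"C:\Users\alice\Desktop\budget.xlsx.bitkangoroo"),
    ("2017-01-01T11:00:12", "delete", r"C:\Users\alice\Desktop\notes.txt.bitkangoroo"),
]

def triage(events, slack=timedelta(minutes=5)):
    """Summarise encrypted files still present, deleted files, and the timer."""
    remaining, deleted, times = set(), [], []
    for ts, action, path in sorted(events):
        if not path.lower().endswith(EXT):
            continue                      # unrelated file activity
        if action == "rename":
            remaining.add(path)           # file was encrypted and renamed
        elif action == "delete":
            remaining.discard(path)       # no longer recoverable from disk
            deleted.append(path)
            times.append(datetime.fromisoformat(ts))
    # Gaps between successive deletions should sit close to the 60-minute timer.
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    hourly = bool(gaps) and all(abs(gap - TIMER) <= slack for gap in gaps)
    next_due = (times[-1] + TIMER).isoformat() if times and remaining else None
    return {
        "still_on_disk": sorted(remaining),
        "deleted": deleted,
        "hourly_deletion_pattern": hourly,
        "next_deletion_due": next_due,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```
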